Hackers Exploit Telegram Messenger’s Vulnerability to Spread Malware

According to Russian cybersecurity firm Kaspersky Labs, hackers have been using a zero-day exploit in Telegram to infect its users with cryptocurrency-mining malware that mines privacy-centric digital currencies such as Monero, Zcash, and others. Only Telegram’s desktop application was targeted.

The attack is the latest instance of an ongoing cryptojacking trend that recently saw hackers hijack a large number of Android devices to mine Monero. The trend apparently picked up when the well-known torrent-index site The Pirate Bay tested mining Monero with users’ PCs as an alternative to running ads.

According to the cybersecurity firm’s report, hackers have been exploiting the vulnerability since March 2017. To infect users, cybercriminals exploited a feature that enables Telegram to recognize messages in Arabic and Hebrew, languages written from right to left.

Hackers used a hidden character in that feature that reversed the order of the characters, effectively enabling them to rename files. In this way, they tricked users into installing files containing malware, which then used their PCs to mine digital currencies and potentially gave the attackers backdoor access to the victim’s machine. In one case, researchers discovered files containing a Telegram local cache stolen from a victim.
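The hidden character described above belongs to Unicode's family of invisible bidirectional formatting controls (the right-to-left override is U+202E). As an added example, not taken from Kaspersky's report or Telegram's code, this Python check flags such characters in a received file name and reports the extension the operating system will actually use; the sample names and the extension list are constructed assumptions.

```python
import os
import unicodedata

# Invisible Unicode bidirectional controls: embeddings, overrides, isolates, marks.
BIDI_CONTROLS = set(
    "\u202a\u202b\u202c\u202d\u202e"   # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"         # LRI, RLI, FSI, PDI
    "\u200e\u200f\u061c"               # LRM, RLM, ALM
)

# Assumption: extensions treated as executable here; adjust to local policy.
EXECUTABLE_EXTENSIONS = {".js", ".exe", ".scr", ".bat", ".cmd", ".vbs", ".lnk"}


def inspect_filename(name):
    """Report hidden bidi controls and the extension the OS will really use."""
    controls = [
        (i, unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(name)
        if ch in BIDI_CONTROLS
    ]
    # The OS dispatches on the stored code points, not on the rendered order.
    real_ext = os.path.splitext(name)[1].lower()
    # Show each hidden control as a visible token so it cannot reorder the text.
    safe_display = "".join(
        f"<U+{ord(ch):04X}>" if ch in BIDI_CONTROLS else ch for ch in name
    )
    return {
        "controls": controls,
        "real_extension": real_ext,
        "safe_display": safe_display,
        "warn": bool(controls),
        "block": bool(controls) and real_ext in EXECUTABLE_EXTENSIONS,
    }


if __name__ == "__main__":
    samples = [                      # constructed sample names
        "holiday_photo.png",         # ordinary name
        "report_\u202egnp.js",       # hidden override before a reversed "png"
        "\u05d3\u05d5\u05d7.pdf",    # Hebrew name, no control characters
    ]
    for sample in samples:
        result = inspect_filename(sample)
        print(result["safe_display"], result["real_extension"],
              "BLOCK" if result["block"] else "warn" if result["warn"] else "ok")
```

Genuine Hebrew or Arabic file names pass cleanly, because those letters carry their own direction and need no override character.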

The post reads:

“After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands including the further installation of spyware tools.”

Kaspersky noted that the malicious software was found only in Russia, and that clues in the code pointed to Russian cybercriminals. It added that Telegram wasn’t the only vulnerable messaging application, as a month ago it found an exploit in WhatsApp that enabled criminals to steal messages.

The Russian firm contacted Telegram about the issue back in October, and by November the issue was apparently fixed. On a technical channel, Telegram clarified that the attack was a type of social engineering, and that it only worked if the user downloaded the malicious files.

Pavel Durov, the company’s founder, noted this isn’t a “real vulnerability on Telegram Desktop,” as nobody can remotely access another user’s PC or Telegram unless the file was opened. Per Durov, reports like these should be carefully analyzed.

“As always, reports from antivirus companies must be taken with a grain of salt, as they tend to exaggerate the severity of their findings to get publicity in mass media.”

As covered by CCN, Telegram is working on a potentially record-setting ICO that could raise billions. The project aims to create “Gram,” a digital currency that will serve as the native currency of the Telegram Open Network (TON), which will be integrated directly into the Telegram platform, which is set to hit 200 million users in the first quarter of this year.